“Three of the IP addresses used by the servers that controlled the compromised systems observed by SecureWorks also overlapped with addresses that hosted servers used in attacks last year on RSA. The attackers used their access to RSA’s systems to steal highly sensitive data related to the company’s two-factor SecurID authentication tokens that 40 million employees use to access corporate and government networks. The IP addresses belong to the China Beijing Province Network’s autonomous system 4808, which researchers say has long been a hotbed for espionage-related malware.”
Ars Technica’s Dan Goodin comments on this report from Dell SecureWorks.
See also this, this, and this.
To some extent we all share the impression that the scientific method moves things forward on the basis of a set of principles, and when one thinks of science, peer-reviewed publications and credibility, the concept of reproducibility stands tall.
Making all the components of a scientific experiment available may be a complex task, but it guarantees that the community can fully validate the results produced.
In this article from Nature the authors reflect on the impact that non-disclosure of code has on science.
Much of the debate about code transparency involves the philosophy of science, error validation and research ethics, but our contention is more practical: that the cause of reproducibility is best furthered by focusing on the dissection and understanding of code, a sentiment already appreciated by the growing open-source movement.
Forensic activity cannot be fully equated with scientific practice. Of course we can speak of “forensic sciences” as the body of knowledge behind our activities, but forensic experts (most often) work on concrete instances, not on general or abstract matters. Still, the concept of reproducibility is key to supporting the basic principles of due process, especially given its impact on the principle of contradiction (the adversarial principle: each party’s right to examine and challenge the evidence brought against it).
From the forensic perspective we should consider the implications that non-disclosure of code has for people’s rights.
P.S. If you click through to Nature, don’t miss this.
Comments are closed on “The case for open computer programs”.
Ralph Langner gave a great presentation of the results of his Stuxnet investigation at Digital Bond’s SCADA Security Scientific Symposium, held in Miami on January 18-19, 2012.
“… the president is also kind enough to show us SCADA screens …” (min. 26)
And a remark at min. 57:30: how vendors’ quality assurance compares with that of the attackers…
From Digital Bond.
Comments are closed on “Ralph Langner’s Stuxnet Deep Dive”.
From agtb via Schneier.
“The National Security Agency has recently declassified an amazing letter that John Nash sent them in 1955. He puts forward an amazingly prescient analysis anticipating computational complexity theory as well as modern cryptography.”
The “best known work” he mentions earned him a Nobel Memorial Prize in Economic Sciences in 1994.
Comments are closed on “John Nash’s Letter to NSA (1955)”.
This afternoon I had the pleasure of attending, at ESADE Law School, the seminar “Legal Research Seminar: La valoración de la prueba científica” (on the assessment of scientific evidence), given by Prof. Dr. Michele Taruffo, Professor of Procedural Law at the University of Pavia (Italy).
After Professor Xavier Abel’s introduction of Professor Taruffo’s very extensive profile, the latter began his talk by referring to the complexity of the field, pointing to a volume on his desk, I believe the “Reference Manual on Scientific Evidence: Third Edition”, published by The National Academies Press together with the Federal Judicial Center and available for download as a PDF here (1,038 pages…).
The professor indicated that he would divide his presentation into three parts, addressing three questions he considers relevant.
Comments are closed on “Legal Research Seminar: La valoración de la prueba científica”.